Phishing is a type of fraudulent
e-mail scheme designed to scare you into providing your personal
and financial information online.
How does it work? An e-mail is sent out that is designed to trick
consumers into surrendering personal information. These e-mails may appear
to come from government agencies such as the IRS, an online shopping
venue such as eBay, or even a credit card company. The most popular
scams are:
- Bank Account Scam: An e-mail from what appears to be your bank or
credit union inquiring about changes to your account.
- IRS E-Audit Scam: An e-mail from what appears to be the IRS
encouraging you to complete a questionnaire within 48 hours to avoid
penalties and interest.
- Big Purchase Scam: An e-mail from what appears to be a retailer
asking you to confirm "a recent large purchase."
- Expired Credit Card Scam: An e-mail from what appears to be your
Internet Service Provider asking you to update credit card information.
- Employment Site Scam: An e-mail that appears to be a wonderful job
opportunity. You are asked to complete an application that includes
your social security number.
Recipients are directed to websites where they
are asked to verify personal information such as their name, bank
account and credit card numbers, social security numbers, and other
information. A sense of urgency is created by telling the consumer
that, with little or no notice, their account will be shut down
unless they confirm their personal and/or billing information right
away. In addition, great care is taken to copy the original Website
to make the scheme appear as authentic as possible. Web addresses
(URLs) are masked to make them look real.
If you receive an e-mail of this nature, DO NOT respond to it,
click on the link, or provide any information. Delete it. In addition,
you may want to:
- Contact the company directly using a phone number or Website address
you know is genuine and tell them about the scheme;
- Review your credit card and account statements as soon as you receive
them to determine whether there have been any unauthorized charges;
- Report suspicious activity to the FTC and forward the suspicious
e-mail to them at uce@ftc.gov.
To protect yourself, consider the following:
- Companies rarely ask for information they already have.
- Don't use links embedded in e-mails to go to a familiar site. Go
directly to the company's Website the way you normally do.
- Do not give out personal financial information as a result of
an e-mail solicitation.
- Spoof websites normally have longer addresses (URLs). Take a second
look.
- The IRS does not use e-mail to notify consumers, nor does it
conduct e-audits.
If you are victimized, contact the three
major credit bureaus to place a "fraud alert"
on your accounts, and notify your local police.
Report a phishing scam to Desco
If you believe you have received a fraudulent email from Desco, please
forward it on to our Security Center at security@descofcu.org.
Do not open any attachments or links included in the email.
If you have submitted your personal information to a fraudulent email or Web site, contact Desco at (800) 488-0746 as
well as any other financial institutions with which you hold an account.
Fraud Definitions
Honeypots: Closely monitored network decoys designed to
distract adversaries from more valuable machines on a network. They
can provide early warning about new attack and exploitation trends
and they allow in-depth examination of attacks.
Keystroke logger: A software program that enables one
Internet user to monitor the actual keystrokes of another Internet
user.
Phishing: A process by which fraudsters are able to replicate
the "look and feel" of a legitimate financial services
company's e-mail or Web site for the purposes of tricking customers
into divulging personal identification, passwords and financial
data.
Shoulder surfing: Stealing a computer password or access
code by peeking over a person's shoulder while he types in the
characters.
Skimming: The copying by a dishonest cashier of the data
on a magnetic stripe on a customer's credit card by swiping it
through a small card reader. The information is then used to make
counterfeit cards.
Sniffing: The watching, displaying and logging of another
Internet user's computer traffic.
Spoofing: The forging of an e-mail header to make it
appear as if it came from someone or somewhere other than the
actual source.
Synthetic identity: A false identity made up of stolen
components.
Trojan horses: Programs in which malicious or harmful
code is concealed or hidden inside apparently harmless programming
or data, the purpose of which is to get control of the breached
computer and do damage.